4564 matches found

vulnersOsv
added 2026/01/27 10:49 p.m. | 2 views

ado-vllm-performance (>=1.2.2 <=1.3.3), agentclinic (=0.1.0) +31 more potentially affected by CVE-2026-24779 via vllm (>=0.10.0 <=0.14.0)

vllm PYPI version =0.10.0, =1.2.2, =0.0.0, =2.3.5, =0.2.0, =0.1.0, =1.0.1rc1, =0.0.4, =0.1.0, =0.3.9, =0.5.2, =0.1.0, =0.1.5, =0.2.0 - gfmrag =2.0.0 and more Source cves: CVE-2026-24779 Source advisory: SNYK:PYTHON-VLLM-15123970...

7.1 CVSS | 6.6 AI score | 0.00367 EPSS
Exploits: 1

vulnersOsv
added 2026/01/27 10:47 p.m. | 3 views

2webp (>=0.1.4 <=0.1.5), @57block/stellar-resource-usage (>=0.0.1 <=1.2.0) +365 more potentially affected by CVE-2026-24910 via bun (>=1.0.13 <=1.3.2)

bun NPM version =1.0.13, =0.1.4, =0.0.1, =0.2.0, =0.5.0, =0.0.1, =0.0.1, =0.0.2, =0.1.0, =0.0.1, =3.260321.1, =0.260331.1, =0.260528.2 and more Source cves: CVE-2026-24910 Source advisory: SNYK:JS-BUN-15123966...

5.9 CVSS | 6.5 AI score | 0.00108 EPSS
Exploits: 0

CVE
added 2026/01/27 8:32 p.m. | 35 views

CVE-2025-21589

CVE-2025-21589 is an API authentication bypass vulnerability in Juniper Networks Session Smart Router, Session Smart Conductor, and WAN Assurance Routers. A network-based attacker could bypass authentication and gain administrative control. Affected versions include Session Smart Router: 5.6.7–5....

9.8 CVSS | 6.1 AI score | 0.01434 EPSS
Exploits: 0 | References: 3

OSV
added 2026/01/27 4:16 p.m. | 2 views

CVE-2025-28162

Buffer Overflow vulnerability in libpng 1.6.43-1.6.46 allows a local attacker to cause a denial of service via the pngimage with AddressSanitizer ASan, the program leaks memory in various locations, eventually leading to high memory usage and causing the program to become unresponsive...

5.5 CVSS | 5.6 AI score
Exploits: 0 | References: 2

vulnersOsv
added 2026/01/27 3:30 p.m. | 4 views

@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2026-1470 via n8n (>=0.138.0 <=0.93.0)

n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2026-1470 Source advisory: OSV:GHSA-5XRP-6693-JJX9...

9.9 CVSS | 7.4 AI score | 0.18738 EPSS
Exploits: 1

vulnersOsv
added 2026/01/27 2:48 p.m. | 4 views

@0xlimao/n8n-nodes-ethereum (>=1.0.0 <=1.0.1), @a700/n8n-nodes-agent700 (>=1.0.5 <=1.0.7) +273 more potentially affected by CVE-2026-1470 via n8n-workflow (>=2.0.0-rc.0 <=2.4.2)

n8n-workflow NPM version =2.0.0-rc.0, =1.0.0, =1.0.5, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =0.2.2, =0.3.6, =0.1.0, =1.0.0, =1.3.1 and more Source cves: CVE-2026-1470 Source advisory: SNYK:JS-N8NWORKFLOW-15118125...

9.9 CVSS | 8.1 AI score | 0.18738 EPSS
Exploits: 1

vulnersOsv
added 2026/01/26 11:34 p.m. | 4 views

@saltcorn/admin-models (>=1.5.0-beta.0 <=1.5.0-beta.18), @saltcorn/base-plugin (>=1.5.0-beta.0 <=1.5.0-beta.18) +5 more potentially affected by unknown CVE via @saltcorn/data (>=1.5.0-beta.0 <=1.5.0-beta.18)

@saltcorn/data NPM version =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.0, =1.5.0-beta.18 Source cves: unknown CVE Source advisory: SNYK:JS-SALTCORNDATA-15126137...

5.8 AI score
Exploits: 0

vulnersOsv
added 2026/01/26 9:30 p.m. | 3 views

io.quarkiverse.flags:quarkus-flags-hibernate-reactive (>=1.0.0.Beta7 <=1.0.0.Beta8), io.quarkiverse.flags:quarkus-flags-hibernate-reactive-deployment (>=1.0.0.Beta7 <=1.0.0.Beta8) +13 more potentially affected by CVE-2025-14969 via org.hibernate.reactive:hibernate-reactive-core (=3.2.11.Final)

org.hibernate.reactive:hibernate-reactive-core MAVEN version =3.2.11.Final is affected by a known vulnerability. The following packages have a transitive dependency on org.hibernate.reactive:hibernate-reactive-core and may be impacted: - io.quarkiverse.flags:quarkus-flags-hibernate-reactive...

4.3 CVSS | 5.4 AI score | 0.00376 EPSS
Exploits: 0

OSV
added 2026/01/26 2:49 p.m. | 3 views

BIT-SOLR-2026-22022 Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin

Deployments of Apache Solr 5.3.0 through 9.10.0 that rely on Solr's "Rule Based Authorization Plugin" are vulnerable to allowing unauthorized access to certain Solr APIs, due to insufficiently strict input validation in those components. Only deployments that meet all of the following criteria ar...

8.2 CVSS | 5.9 AI score | 0.00491 EPSS
Exploits: 0 | References: 3

CNNVD
added 2026/01/26 12:0 a.m. | 5 views

AssertJ code issue vulnerabilities

AssertJ is an open-source unit testing tool developed by AssertJ. In versions 1.4.0 to 3.27.7 of AssertJ, there were code vulnerabilities. These vulnerabilities stemmed from an XML external entity vulnerability in XmlStringPrettyFormatter, which could allow for the reading of arbitrary local file...

9.1 CVSS | 7.5 AI score | 0.00542 EPSS
Exploits: 0 | References: 5

NVD
added 2026/01/24 9:15 a.m. | 7 views

CVE-2025-15516

The All-in-One Video Gallery plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxcallbackstoreusermeta function in versions 4.1.0 to 4.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, ...

4.3 CVSS | 0.00161 EPSS
Exploits: 0 | References: 2

OSV
added 2026/01/23 10:15 a.m. | 2 views

CVE-2026-22275

Dell ECS, versions 3.8.1.0 through 3.8.1.7, and Dell ObjectScale versions prior to 4.2.0.0, contains an Inclusion of Sensitive Information in Source Code vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

4.4 CVSS | 5.8 AI score
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/23 12:0 a.m. | 5 views

PT-2026-4401

Name of the Vulnerable Software and Affected Versions CRM Perks Integration for Contact Form 7 HubSpot versions n/a through 1.4.3 Description The CRM Perks Integration for Contact Form 7 HubSpot cf7-hubspot contains a flaw that allows retrieval of embedded sensitive data. This issue relates to th...

5.2 AI score | 0.0024 EPSS
Exploits: 0 | References: 3

vulnersOsv
added 2026/01/22 6:30 p.m. | 0 views

170051277-trab-final-gces (>=0.3.0 <=0.5.0), 2022-2-gces-ifpf (=0.3.0) +527 more potentially affected by CVE-2026-1260 via sentencepiece (>=0.1.82 <=0.2.0)

sentencepiece PYPI version =0.1.82, =0.3.0, =0.0.4.80, =1.0.32, =1.1.0, =0.3.0, =0.5.0, =0.2.2, =2.0.0, =0.3.5, =0.0.3, =0.3.0, =0.3.17 - akira =0.1.2 - al-for-design =0.0.1 - alignmap =1.0.0 and more Source cves: CVE-2026-1260 Source advisory: OSV:GHSA-38VQ-G6VR-W8WF...

8.5 CVSS | 7.2 AI score | 0.00132 EPSS
Exploits: 0

vulnersOsv
added 2026/01/22 6:30 p.m. | 1 views

a-mailx (=0.1.0), aaaai (>=0.1.3 <=0.3.0) +334 more potentially affected by CVE-2025-67221 via orjson (>=2.0.11 <=3.11.5)

orjson PYPI version =2.0.11, =0.1.3, =4.8.2, =0.1.3, =0.0.5, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.31, =0.0.1, =0.0.3, =0.2.0, =0.5.0 and more Source cves: CVE-2025-67221 Source advisory: OSV:GHSA-HX9Q-6W63-J58V...

7.5 CVSS | 5.3 AI score | 0.0055 EPSS
Exploits: 1

RedhatCVE
added 2026/01/22 3:27 p.m. | 16 views

CVE-2026-1290

Authentication Bypass by Primary Weakness vulnerability in Jamf Jamf Pro allows unspecified impact. This issue affects Jamf Pro: from 11.20 through 11.24...

5.3 CVSS | 5.4 AI score | 0.00311 EPSS
Exploits: 0 | References: 1

UbuntuCve
added 2026/01/22 3:16 p.m. | 2 views

CVE-2025-13928

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints...

7.5 CVSS | 6.1 AI score | 0.00712 EPSS
Exploits: 0 | References: 4

OSV
added 2026/01/22 1:34 p.m. | 5 views

CVE-2025-13928 Incorrect Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints...

7.5 CVSS | 5.6 AI score | 0.00712 EPSS
Exploits: 0 | References: 6

OSV
added 2026/01/22 2:16 a.m. | 6 views

CVE-2026-23991 go-tuf affected by client DoS via malformed server response

go-tuf is a Go implementation of The Update Framework (TUF). Starting in version 2.0.0 and prior to version 2.3.1, if the TUF repository or any of its mirrors returns invalid TUF metadata JSON (valid JSON but not well formed TUF metadata), the client will panic during parsing, causing a denial of...

5.9 CVSS | 5.5 AI score | 0.0053 EPSS
Exploits: 0 | References: 5

Positive Technologies
added 2026/01/22 12:0 a.m. | 3 views

PT-2026-4068

Name of the Vulnerable Software and Affected Versions Chris Simmons WP BackItUp versions through 2.0.0 Description The software contains a missing authorization issue related to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendations Upda...

5.2 AI score | 0.00318 EPSS
Exploits: 0 | References: 3